Date: Thu, 8 Mar 2001 22:30:00 +0100 From: Arjan.deVet@adv.iae.nl (Arjan de Vet) To: security@freebsd.org Subject: Re: ipfw or ipf? Message-ID: <20010308222959.A91060@adv.devet.org> In-Reply-To: <200103080229.f282T8E27412@cwsys.cwsent.com> References: <5.0.2.1.0.20010307181400.0336ed18@pop.schulte.org>
index | next in thread | previous in thread | raw e-mail
In article <200103080229.f282T8E27412@cwsys.cwsent.com> Cy Schubert wrote: >Its been reported that the state engine in IP Filter is more mature and >more restrictive because of the checks it does for TCP packets being >within the TCP window. I'm not sure whether IPFW does the same. See the following paper by Guido van Rooij for more information about 'TCP packets being within the TCP window': http://home.iae.nl/users/guido/papers/tcp_filtering.ps.gz Arjan -- Arjan de Vet, Eindhoven, The Netherlands <Arjan.deVet@adv.iae.nl> URL: http://www.iae.nl/users/devet/ for PGP key: finger devet@iae.nl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010308222959.A91060>